[   82.374255][ T1116] batman_adv: batadv0: Removing interface: batadv_slave_1
[   82.444854][ T1116] veth1_macvtap: left promiscuous mode
[   82.445019][ T1116] veth0_macvtap: left promiscuous mode
[   82.445171][ T1116] veth1_vlan: left promiscuous mode
[   82.445322][ T1116] veth0_vlan: left promiscuous mode
[   83.042700][ T1116] team0 (unregistering): Port device team_slave_1 removed
[   83.083457][ T1116] team0 (unregistering): Port device team_slave_0 removed
[   83.273414][ T5466] 8021q: adding VLAN 0 to HW filter on device eth2
[   83.691548][ T5466] 8021q: adding VLAN 0 to HW filter on device eth3
[   84.090930][ T5466] 8021q: adding VLAN 0 to HW filter on device eth4
Warning: Permanently added '10.128.0.91' (ED25519) to the list of known hosts.
2026/04/16 20:20:40 ignoring optional flag "type"="gce"
2026/04/16 20:20:40 parsed 1 programs
2026/04/16 20:20:42 executed programs: 0
[   99.370255][ T5988] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   99.428303][ T5120] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   99.430696][ T5120] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   99.431439][ T5120] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   99.460816][ T5120] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   99.461845][ T5120] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   99.665690][ T5994] chnl_net:caif_netlink_parms(): no params data found
[   99.883987][ T5994] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.884114][ T5994] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.884216][ T5994] bridge_slave_0: entered allmulticast mode
[   99.885598][ T5994] bridge_slave_0: entered promiscuous mode
[   99.889819][ T5994] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.889946][ T5994] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.890219][ T5994] bridge_slave_1: entered allmulticast mode
[   99.891556][ T5994] bridge_slave_1: entered promiscuous mode
[  100.015824][ T5994] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  100.018258][ T5994] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  100.165248][ T5994] team0: Port device team_slave_0 added
[  100.167260][ T5994] team0: Port device team_slave_1 added
[  100.294799][ T5994] batman_adv: batadv0: Adding interface: batadv_slave_0
[  100.294814][ T5994] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  100.294827][ T5994] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  100.296066][ T5994] batman_adv: batadv0: Adding interface: batadv_slave_1
[  100.296079][ T5994] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  100.296095][ T5994] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  100.468859][ T5994] hsr_slave_0: entered promiscuous mode
[  100.469555][ T5994] hsr_slave_1: entered promiscuous mode
[  101.573283][ T5120] Bluetooth: hci0: command tx timeout
[  102.246690][ T5994] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  102.290757][ T5994] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  102.291581][ T5994] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  102.325939][ T5994] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  102.328035][ T5994] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  102.368507][ T5994] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  102.370045][ T5994] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  102.410413][ T5994] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  102.558061][ T5994] 8021q: adding VLAN 0 to HW filter on device bond0
[  102.596839][ T5994] 8021q: adding VLAN 0 to HW filter on device team0
[  102.611873][  T767] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.613362][  T767] bridge0: port 1(bridge_slave_0) entered forwarding state
[  102.625411][ T1306] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.625594][ T1306] bridge0: port 2(bridge_slave_1) entered forwarding state
[  102.981567][ T5994] 8021q: adding VLAN 0 to HW filter on device batadv0
[  103.088457][ T5994] veth0_vlan: entered promiscuous mode
[  103.097559][ T5994] veth1_vlan: entered promiscuous mode
[  103.144962][ T5994] veth0_macvtap: entered promiscuous mode
[  103.150115][ T5994] veth1_macvtap: entered promiscuous mode
[  103.193427][ T5994] batman_adv: batadv0: Interface activated: batadv_slave_0
[  103.213504][ T5994] batman_adv: batadv0: Interface activated: batadv_slave_1
[  103.221281][   T66] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  103.221467][   T66] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  103.221502][   T66] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  103.221534][   T66] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  103.662239][ T5120] Bluetooth: hci0: command tx timeout
[  103.796503][ T6096] loop0: detected capacity change from 0 to 2048
[  103.948533][ T6096] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[  104.229609][ T6096] jffs2: notice: (6096) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[  104.324938][ T6109] ==================================================================
[  104.324954][ T6109] BUG: KASAN: slab-use-after-free in mutex_lock_interruptible_nested+0x5a/0x1d0
[  104.324993][ T6109] Read of size 1 at addr ffff888040944128 by task jffs2_gcd_mtd0/6109
[  104.325009][ T6109] 
[  104.325026][ T6109] CPU: 1 UID: 0 PID: 6109 Comm: jffs2_gcd_mtd0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  104.325048][ T6109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  104.325067][ T6109] Call Trace:
[  104.325077][ T6109]  <TASK>
[  104.325085][ T6109]  dump_stack_lvl+0xe8/0x150
[  104.325114][ T6109]  print_address_description+0x55/0x1e0
[  104.325142][ T6109]  ? mutex_lock_interruptible_nested+0x5a/0x1d0
[  104.325163][ T6109]  print_report+0x58/0x70
[  104.325187][ T6109]  kasan_report+0x117/0x150
[  104.325218][ T6109]  ? mutex_lock_interruptible_nested+0x5a/0x1d0
[  104.325242][ T6109]  ? jffs2_garbage_collect_pass+0xb0/0x2150
[  104.325270][ T6109]  __kasan_check_byte+0x2a/0x40
[  104.325294][ T6109]  lock_acquire+0x84/0x350
[  104.325315][ T6109]  ? jffs2_garbage_collect_pass+0xb0/0x2150
[  104.325345][ T6109]  ? jffs2_garbage_collect_pass+0xb0/0x2150
[  104.325371][ T6109]  mutex_lock_interruptible_nested+0x5a/0x1d0
[  104.325390][ T6109]  ? jffs2_garbage_collect_pass+0xb0/0x2150
[  104.325414][ T6109]  ? do_raw_spin_lock+0x12b/0x2f0
[  104.325442][ T6109]  jffs2_garbage_collect_pass+0xb0/0x2150
[  104.325471][ T6109]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  104.325497][ T6109]  ? lockdep_hardirqs_on+0x7a/0x110
[  104.325522][ T6109]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  104.325547][ T6109]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  104.325567][ T6109]  ? rt_spin_lock+0x1e0/0x400
[  104.325587][ T6109]  ? __pfx_jffs2_garbage_collect_pass+0x10/0x10
[  104.325616][ T6109]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  104.325639][ T6109]  ? rt_spin_unlock+0x160/0x200
[  104.325667][ T6109]  ? sigprocmask+0x15c/0x1a0
[  104.325695][ T6109]  jffs2_garbage_collect_thread+0x67c/0x710
[  104.325714][ T6109]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  104.325745][ T6109]  ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[  104.325766][ T6109]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  104.325793][ T6109]  ? __kthread_parkme+0x19c/0x1f0
[  104.325823][ T6109]  kthread+0x388/0x470
[  104.325843][ T6109]  ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[  104.325861][ T6109]  ? __pfx_kthread+0x10/0x10
[  104.325880][ T6109]  ret_from_fork+0x514/0xb70
[  104.325908][ T6109]  ? __pfx_ret_from_fork+0x10/0x10
[  104.325935][ T6109]  ? __switch_to+0xc79/0x1410
[  104.325959][ T6109]  ? __pfx_kthread+0x10/0x10
[  104.325978][ T6109]  ret_from_fork_asm+0x1a/0x30
[  104.326004][ T6109]  </TASK>
[  104.326011][ T6109] 
[  104.326019][ T6109] Allocated by task 6096:
[  104.326028][ T6109]  kasan_save_track+0x3e/0x80
[  104.326048][ T6109]  __kasan_kmalloc+0x93/0xb0
[  104.326069][ T6109]  __kmalloc_cache_noprof+0x3a6/0x690
[  104.326093][ T6109]  jffs2_init_fs_context+0x4f/0xc0
[  104.326109][ T6109]  alloc_fs_context+0x9d5/0xd50
[  104.326132][ T6109]  do_new_mount+0x187/0xd30
[  104.326149][ T6109]  __se_sys_mount+0x31d/0x420
[  104.326166][ T6109]  do_syscall_64+0x15f/0xf80
[  104.326189][ T6109]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.326206][ T6109] 
[  104.326210][ T6109] Freed by task 5994:
[  104.326218][ T6109]  kasan_save_track+0x3e/0x80
[  104.326238][ T6109]  kasan_save_free_info+0x46/0x50
[  104.326255][ T6109]  __kasan_slab_free+0x5c/0x80
[  104.326276][ T6109]  kfree+0x1c5/0x6c0
[  104.326295][ T6109]  deactivate_locked_super+0xbc/0x130
[  104.326314][ T6109]  cleanup_mnt+0x437/0x4d0
[  104.326333][ T6109]  task_work_run+0x1d9/0x270
[  104.326349][ T6109]  exit_to_user_mode_loop+0xed/0x480
[  104.326364][ T6109]  do_syscall_64+0x33e/0xf80
[  104.326385][ T6109]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.326400][ T6109] 
[  104.326404][ T6109] The buggy address belongs to the object at ffff888040944000
[  104.326404][ T6109]  which belongs to the cache kmalloc-4k of size 4096
[  104.326418][ T6109] The buggy address is located 296 bytes inside of
[  104.326418][ T6109]  freed 4096-byte region [ffff888040944000, ffff888040945000)
[  104.326437][ T6109] 
[  104.326441][ T6109] The buggy address belongs to the physical page:
[  104.326455][ T6109] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x40940
[  104.326472][ T6109] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  104.326486][ T6109] flags: 0x80000000000040(head|node=0|zone=1)
[  104.326506][ T6109] page_type: f5(slab)
[  104.326521][ T6109] raw: 0080000000000040 ffff88801a01e140 dead000000000100 dead000000000122
[  104.326537][ T6109] raw: 0000000000000000 0000000800040004 00000000f5000000 0000000000000000
[  104.326552][ T6109] head: 0080000000000040 ffff88801a01e140 dead000000000100 dead000000000122
[  104.326567][ T6109] head: 0000000000000000 0000000800040004 00000000f5000000 0000000000000000
[  104.326583][ T6109] head: 0080000000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff
[  104.326597][ T6109] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[  104.326606][ T6109] page dumped because: kasan: bad access detected
[  104.326619][ T6109] page_owner tracks the page as allocated
[  104.326626][ T6109] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5180, tgid 5180 (udevd), ts 46781035299, free_ts 0
[  104.326662][ T6109]  post_alloc_hook+0x231/0x280
[  104.326685][ T6109]  get_page_from_freelist+0x27c8/0x2840
[  104.326711][ T6109]  __alloc_frozen_pages_noprof+0x18d/0x380
[  104.326736][ T6109]  allocate_slab+0x77/0x660
[  104.326753][ T6109]  refill_objects+0x33c/0x3d0
[  104.326768][ T6109]  __pcs_replace_empty_main+0x373/0x720
[  104.326786][ T6109]  __kmalloc_cache_noprof+0x44e/0x690
[  104.326808][ T6109]  uevent_show+0x15a/0x310
[  104.326827][ T6109]  dev_attr_show+0x58/0xc0
[  104.326844][ T6109]  sysfs_kf_seq_show+0x310/0x490
[  104.326861][ T6109]  seq_read_iter+0x4f0/0xe20
[  104.326884][ T6109]  vfs_read+0x58b/0xa80
[  104.326904][ T6109]  ksys_read+0x156/0x270
[  104.326924][ T6109]  do_syscall_64+0x15f/0xf80
[  104.326946][ T6109]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.326962][ T6109] page_owner free stack trace missing
[  104.326968][ T6109] 
[  104.326972][ T6109] Memory state around the buggy address:
[  104.326981][ T6109]  ffff888040944000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  104.326994][ T6109]  ffff888040944080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  104.327006][ T6109] >ffff888040944100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  104.327015][ T6109]                                   ^
[  104.327024][ T6109]  ffff888040944180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  104.327036][ T6109]  ffff888040944200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  104.327046][ T6109] ==================================================================
[  104.327061][ T6109] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  104.327075][ T6109] CPU: 1 UID: 0 PID: 6109 Comm: jffs2_gcd_mtd0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  104.327096][ T6109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  104.327107][ T6109] Call Trace:
[  104.327114][ T6109]  <TASK>
[  104.327122][ T6109]  vpanic+0x56c/0xa60
[  104.327141][ T6109]  ? __pfx_vpanic+0x10/0x10
[  104.327162][ T6109]  panic+0xc5/0xd0
[  104.327178][ T6109]  ? __pfx_panic+0x10/0x10
[  104.327196][ T6109]  ? mutex_lock_interruptible_nested+0x5a/0x1d0
[  104.327216][ T6109]  ? rcu_is_watching+0x15/0xb0
[  104.327241][ T6109]  ? mutex_lock_interruptible_nested+0x5a/0x1d0
[  104.327262][ T6109]  ? mutex_lock_interruptible_nested+0x5a/0x1d0
[  104.327282][ T6109]  check_panic_on_warn+0x89/0xb0
[  104.327304][ T6109]  ? mutex_lock_interruptible_nested+0x5a/0x1d0
[  104.327323][ T6109]  end_report+0x73/0x170
[  104.327346][ T6109]  ? mutex_lock_interruptible_nested+0x5a/0x1d0
[  104.327366][ T6109]  kasan_report+0x128/0x150
[  104.327392][ T6109]  ? mutex_lock_interruptible_nested+0x5a/0x1d0
[  104.327415][ T6109]  ? jffs2_garbage_collect_pass+0xb0/0x2150
[  104.327437][ T6109]  __kasan_check_byte+0x2a/0x40
[  104.327462][ T6109]  lock_acquire+0x84/0x350
[  104.327483][ T6109]  ? jffs2_garbage_collect_pass+0xb0/0x2150
[  104.327511][ T6109]  ? jffs2_garbage_collect_pass+0xb0/0x2150
[  104.327537][ T6109]  mutex_lock_interruptible_nested+0x5a/0x1d0
[  104.327558][ T6109]  ? jffs2_garbage_collect_pass+0xb0/0x2150
[  104.327580][ T6109]  ? do_raw_spin_lock+0x12b/0x2f0
[  104.327602][ T6109]  jffs2_garbage_collect_pass+0xb0/0x2150
[  104.327626][ T6109]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  104.327651][ T6109]  ? lockdep_hardirqs_on+0x7a/0x110
[  104.327671][ T6109]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  104.327690][ T6109]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  104.327706][ T6109]  ? rt_spin_lock+0x1e0/0x400
[  104.327722][ T6109]  ? __pfx_jffs2_garbage_collect_pass+0x10/0x10
[  104.327745][ T6109]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  104.327763][ T6109]  ? rt_spin_unlock+0x160/0x200
[  104.327782][ T6109]  ? sigprocmask+0x15c/0x1a0
[  104.327803][ T6109]  jffs2_garbage_collect_thread+0x67c/0x710
[  104.327818][ T6109]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  104.327843][ T6109]  ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[  104.327859][ T6109]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  104.327880][ T6109]  ? __kthread_parkme+0x19c/0x1f0
[  104.327903][ T6109]  kthread+0x388/0x470
[  104.327918][ T6109]  ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[  104.327933][ T6109]  ? __pfx_kthread+0x10/0x10
[  104.327948][ T6109]  ret_from_fork+0x514/0xb70
[  104.327970][ T6109]  ? __pfx_ret_from_fork+0x10/0x10
[  104.327991][ T6109]  ? __switch_to+0xc79/0x1410
[  104.328010][ T6109]  ? __pfx_kthread+0x10/0x10
[  104.328025][ T6109]  ret_from_fork_asm+0x1a/0x30
[  104.328046][ T6109]  </TASK>
[  104.328549][ T6109] Kernel Offset: disabled